[CentOS] ejabberd 2.0.2 vs SELinux vs CentOS 5

Sat Oct 4 16:02:11 UTC 2008
Damian S <dsteward at internode.on.net>

Lordy, I've been having problems with this darn thing, so I hope someone
can help me. :s


My troubles started when I downloaded the latest erlang and ejabberd
packages. I crashed and burned very quickly, trying two or three
different versions of erlang along with several of ejabberd 2.0.x.


Finally, after a week of pain, I admitted defeat, wiped the whole lot
and installed the binary on the process-one website.
Initially, the binary worked well, but mysteriously stopped working
whenever I changed the config file and restarted the file.


Anyway, to cut a long story short, I have discovered that SELinux is
preventing erlang from accessing its crypto libs.
This message appears in the SELinux audit logs:
type=AVC msg=audit(1223133076.770:102): avc:  denied  { execmod } for
pid=3878 comm="beam.smp"
path="/opt/ejabberd-2.0.2_2/lib/crypto-1.5.2/priv/linux-x86/lib/crypto_drv.so" dev=dm-0 ino=26738869 scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:object_r:usr_t:s0 tclass=file


What do I need to do, for selinux to allow this?
(Or should I take this question to an SELinux list?)

FWIW, ejabberd seems to run fine while selinux is enabled. Its just when
starting up, that it needs selinux to stay out of the way.